Lafeitu (辣匪兔) Spicy Food

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Lafeitu shopping integration that can manage cart, account, profile, and unpaid order actions through the official API when the user directs it.

Install this only if you want an agent to interact with your Lafeitu account and cart. Confirm products, quantities, profile changes, recipient phone, and shipping address before running mutating commands, and use logout or remove the credential file when finished if you do not want the saved token retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The class is explicitly designed as a universal multi-merchant commerce client, while the skill metadata says it is brand-specific to Lafeitu and its official API. This scope expansion is dangerous because it enables the skill to be repurposed for other merchants and account contexts, weakening least-privilege assumptions and increasing the chance of unintended data handling across brands.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The constructor accepts an arbitrary base_url and only enforces HTTPS, not that the endpoint belongs to the official lafeitu.cn API. In a brand-specific commerce skill, this allows requests, tokens, visitor IDs, and profile/cart/order operations to be redirected to attacker-controlled or unintended HTTPS endpoints, creating credential exfiltration and phishing-like risks.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The client persists credentials and visitor identifiers under per-domain directories, enabling long-lived cross-merchant credential storage that is unnecessary for a single-brand skill. In combination with the arbitrary base_url support, this broadens the trust boundary and can retain sensitive tokens for multiple services on disk beyond the user's expectation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation states that credentials are stored locally under a user path, but provides no warning about token sensitivity, file permissions, rotation, logout behavior, or risks on shared systems. This can lead to credential theft or unintended account access if the stored tokens are readable by other local users, copied into backups, or left behind after use.

VirusTotal

66/66 vendors flagged this skill as clean.
